- Access the Connections page using one of these:
- Spectrum Management Console:
- Access Spectrum Management Console using the URL: http://server:port/managementconsole, where server is the server name or IP address of your Spectrum Technology Platform server and port is the HTTP port used by Spectrum Technology Platform. Note: By default, the HTTP port is 8080.
- Click Resources > Connections.
- Spectrum Discovery:
- Access Spectrum Discovery using the URL: http://server:port/discovery, where server is the server name or IP address of your Spectrum Technology Platform server and port is the HTTP port used by Spectrum Technology Platform. Note: By default, the HTTP port is 8080.
- Click Connect.
- Click the Add connection button.
- In the Connection Name box, enter a name for the connection. The name can be anything you choose.
Note: Once you save a connection you cannot change the name.
- In the Connection Type field, choose Cloud.
- In the Cloud service field, choose AmazonS3.
- In the Bucket name field, enter the bucket name as defined in your Amazon S3 cloud service. This is the bucket where Spectrum Technology Platform will read and write files.
- Enter the access key and secret key assigned to you by Amazon.
- In the Storage Type field, select the level of redundancy that you want to allow for data storage.
- Standard
- The default level of redundancy provided by Amazon S3.
- Reduced redundancy
- Stores non-critical and easily-reproducible data at lower levels of redundancy. This provides fairly reliable storage at a lower cost.
- In the Encryption section, select the encryption method for the data. You can select server side encryption, client side encryption, or both.
- Server side key
- The data is encrypted and decrypted at the server side. Your data is transmitted in plain text to the Amazon cloud service where it is encrypted and stored. On retrieval, the data is decrypted by the Amazon cloud service then transmitted in plain text to your system.
You have two options for specifying the key:
- AWS managed: The key is automatically generated by the Amazon S3 cloud service.
- Customer provided: Enter the key to be used by the Amazon S3 cloud service to encrypt and decrypt the data on the server side. Server-side customer-managed encryption needs to be enabled on the bucket. To do this, a key needs to be set up in the AWS KMS. Use the AWS S3 console and give the Key ID (available in the KMS) as the input while setting up the S3 connector in the Spectrum Management Console.
- Client side key
- The data is encrypted and decrypted at the client side. The data is encrypted locally on your client system then transmitted to the Amazon S3 cloud storage. On retrieval, the data is transmitted back in an encrypted format to your system and is decrypted on the client system.
Client side key: Enter the key to be used by your client system to encrypt and decrypt the data. Any random text can act as the encryption key to be provided while setting up the S3 connector in the Spectrum Management Console.
If you select both Server side key and Client side key, encryption and decryption are performed at both the server and client sides. Data is first encrypted with your client side key and transmitted in an encrypted format to Amazon, where it is again encrypted with the server side key and stored. On retrieval, Amazon first decrypts the data with the server side key, transmitting the data in an encrypted format to your system, where it is finally decrypted with the client side key.
For more information about Amazon S3 encryption features, see:
docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html
Note: A file that has been encrypted with a given key while being created in the bucket can be read using the same key, and decryption takes place while fetching the file from the bucket. If the key differs, the decryption process will throw exceptions.
- If you want to set access permissions, in the Permissions section, click .
The three kinds of Grantees are:
- Everyone
- Everyone else other than Authenticated Users and Log Delivery group.
- AuthenticatedUsers
- For users who are logged into Amazon.
- LogDelivery
- For users who write activity logs in a user-specified Bucket, if Bucket Logging is enabled.
For each Grantee, select the desired permissions:
- Open/Download
- Allow the user to download the file.
- View
- Allow the user to view the current permissions on the file.
- Edit
- Allow the user to modify and set the permissions on the file.
- To test the connection, click Test.
- Click Save.
Important: The Amazon S3 connection supports only data buckets in the us-east-1 region.
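To check what the Permissions step actually granted, the following added example (not part of the product documentation) audits an object ACL, in the JSON shape printed by `aws s3api get-object-acl`, for grants to the three grantee groups listed above. The mapping of Open/Download, View and Edit to the S3 permissions READ, READ_ACP and WRITE_ACP is an assumption, as are the severity labels and the sample ACL, which is constructed. In Amazon S3 the AuthenticatedUsers group covers any AWS account, not only your own.

```python
import json

# Amazon S3 predefined group URIs for the three grantees listed above.
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "Everyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
    "http://acs.amazonaws.com/groups/s3/LogDelivery": "LogDelivery",
}
# Assumed mapping from S3 object ACL permissions to the labels on this page.
LABELS = {"READ": "Open/Download", "READ_ACP": "View", "WRITE_ACP": "Edit"}
# FULL_CONTROL on an object implies all three permissions.
IMPLIED = {"FULL_CONTROL": ["READ", "READ_ACP", "WRITE_ACP"]}


def audit_acl(acl_json):
    """Return sorted (grantee, label, severity) tuples for group grants in an ACL."""
    findings = set()
    for grant in json.loads(acl_json).get("Grants", []):
        grantee = grant.get("Grantee", {})
        name = GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") != "Group" or name is None:
            continue  # grants to individual accounts are out of scope here
        perm = grant.get("Permission")
        for p in IMPLIED.get(perm, [perm]):
            label = LABELS.get(p, p)
            if name == "LogDelivery":
                severity = "info"      # expected only when bucket logging is on
            elif p == "WRITE_ACP":
                severity = "critical"  # grantee can rewrite the permissions
            else:
                severity = "high"      # readable beyond your own account
            findings.add((name, label, severity))
    return sorted(findings)


# Constructed sample in the shape printed by `aws s3api get-object-acl`.
SAMPLE_ACL = json.dumps({
    "Owner": {"ID": "EXAMPLE-OWNER-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "WRITE_ACP"},
    ],
})

if __name__ == "__main__":
    for finding in audit_acl(SAMPLE_ACL):
        print(*finding)
```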